Many of you likely recall the federal HRDC (Human Resources Development Canada) controversy over the so-called Big Brother database. From what I read, it seems that they were assembling a database of information that they had already collected legally.
Since it sounded like a data warehouse project, I did not see the problem. I blew it off as the opposition party trying to put yet another nail in the Honourable Jane Stewart’s coffin.
Later, I thought about my own access to information and realized in my day-to-day work I have the ability – and requirement – to manipulate data that, were it transmitted incorrectly, would at least seriously embarrass people. I discovered that many people guard their birth dates and legal names as if the information were as sensitive as the detailed notes of how they contracted a sexually transmitted disease in a seedy hotel room with someone other than their spouse. Naturally I have signed a nondisclosure agreement that points out just how much misery can be mine if I choose to be irresponsible. But people probably would not take comfort thinking that some computer geek was fired after the distribution of the home addresses and digital mug shots of all the women in the office.
Assess your situation. What confidential information are you able to easily access? I suspect that ordinary, not-too-rabid civil libertarians would soil themselves were you to tell them. You may know that when the Nazis invaded Scandinavia, Norway (if I recall correctly) had kept good records on their citizens. The Nazis said thanks very much and used the data to eliminate most of the underground resistance groups. Thus, data usage can actually kill people.
Obviously, I don’t think the fear of being invaded should be an excuse for bad data management, but in the HRDC’s case I think the public concern was closer to “who has access to this now-conveniently organized information and what are they going to do with it?” Without a visible check-out system and audits of data usage, some people’s imaginations run wild with speculation. Personally, I don’t think my tax return data is going to influence my health care records. Could I be put on a longer waiting list if I am late paying taxes? It depends on who’s using the data. Judgement calls occur all the time; services have been turned down because of a “bad feeling.” Could irrelevant data generate a negative response? Hmmm…
Perhaps if HRDC had very publicly said, “Look, we’re sick of running around looking for data we know we have. We’re putting it in one place. We have met with the privacy experts. Our rules for accessing the data are clearly specified. You can check who has accessed your information, and for what reasons, at www.JaneStewartCares.hrdc-drhc.gc.ca.”
There are reasons for us in the IT business to worry. If we get sloppy, legislation to better protect computer data privacy will be created. Right now we are very good at keeping clients away from sections of their data while always keeping for ourselves a back door key that will let us into the system in case of an emergency. Imagine the clients losing faith in us and taking the keys away from DBAs and system administrators, making us continually sign out the access codes and stating why we are in the system. The time to complete work would be ridiculous. The only way we can keep the power of the systems easily accessible is to earn the trust of our clients. My suggestions for this are to:
never admit or discuss the system access you have to people not on your project;
in friendly conversation cite examples of data in the vaguest ways; and,
avoid becoming jaded.
Treat the clients’ data, regardless of what it is, with the same caution with which you would like your full medical history treated – with respect and dignity and so that it would never be found on www.YuckyCases.com.
Ford is a Vancouver-based consultant. Details of his secret and really boring life can be legally requested through [email protected].
